68 matches found
CVE-2022-43421
A missing permission check in Jenkins Tuleap Git Branch Source Plugin 3.2.4 and earlier allows unauthenticated attackers to trigger Tuleap projects whose configured repository matches the attacker-specified value...
Design/Logic Flaw
A missing permission check in Jenkins Tuleap Git Branch Source Plugin 3.2.4 and earlier allows unauthenticated attackers to trigger Tuleap projects whose configured repository matches the attacker-specified value...
CVE-2022-43421
CVE-2022-43421 : In Jenkins, the Tuleap Git Branch Source Plugin (versions 3.2.4 and earlier) contains a missing permission check in the mechanism that triggers Tuleap projects. This allows unauthenticated attackers to trigger projects whose configured repository matches an attacker-specified val...
CVE-2022-43421
A missing permission check in Jenkins Tuleap Git Branch Source Plugin 3.2.4 and earlier allows unauthenticated attackers to trigger Tuleap projects whose configured repository matches the attacker-specified value...
PT-2022-6109 · Jenkins · Jenkins Tuleap Git Branch Source Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Tuleap Git Branch Source Plugin versions 3.2.4 and earlier Description: The issue is related to a missing permission check in the Jenkins Tuleap Git Branch Source Plugin, allowing unauthenticated attackers to trigger Tuleap projects...
GHSA-9CFQ-V2HM-C3XR Jenkins GitHub Branch Source Plugin vulnerable to Server-Side Request Forgery
A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. Additionally, this form validation method did not require POST...
Jenkins GitHub Branch Source Plugin vulnerable to Server-Side Request Forgery
A server-side request forgery vulnerability exists in Jenkins GitHub Branch Source Plugin 2.3.4 and older in Endpoint.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. Additionally, this form validation method did not require POST...
Jenkins Bitbucket Branch Source Plugin Cross-Site Request Forgery Vulnerability
Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plug-ins to support building, deploying and automating any project . The Jenkins Bitbucket Branch Source Plugin suffers from a cross-site request forgery vulnerability that stems from a WE...
Incorrect Permission Assignment for Critical Resource in Jenkins Bitbucket Branch Source Plugin
Jenkins Bitbucket Branch Source Plugin prior to 746.v350d2781c184, 725.vd9f8be0fa250, 2.9.11.2, and 2.9.7.2 does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins. Those can be used...
GHSA-W4JV-6RG4-PR4M Cross-Site Request Forgery in Jenkins Bitbucket Branch Source Plugin
Jenkins Bitbucket Branch Source Plugin prior to 746.v350d2781c184, 725.vd9f8be0fa250, 2.9.11.2, and 2.9.7.2 does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery CSRF vulnerability. This allows attackers with Overall/Read access to connect to an...
CVE-2022-20619
A cross-site request forgery CSRF vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-20619
A cross-site request forgery CSRF vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-20619
A cross-site request forgery CSRF vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-20618
A missing permission check in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins...
CVE-2022-20619
CVE-2022-20619 applies to Jenkins Bitbucket Branch Source Plugin prior to 737.vdf9dc06105be. It describes a cross-site request forgery (CSRF) vulnerability that lets an attacker cause Jenkins to connect to an attacker-specified URL using attacker-specified credentials IDs, potentially capturing c...
CVE-2022-20619
A cross-site request forgery CSRF vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2022-20618
The CVE-2022-20618 entry affects Jenkins Bitbucket Branch Source Plugin (versions prior to 737.vdf9dc06105be). The root cause is a missing permission check on multiple HTTP endpoints, which allows attackers with Overall/Read access to enumerate credentials IDs stored in Jenkins. This credential d...
CVE-2022-20618
A missing permission check in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins...
PT-2022-14827 · Jenkins · Jenkins Bitbucket Branch Source Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Bitbucket Branch Source Plugin versions prior to 746.v350d2781c184 Jenkins Bitbucket Branch Source Plugin versions prior to 725.vd9f8be0fa250 Jenkins Bitbucket Branch Source Plugin versions prior to 2.9.11.2 Jenkins Bitbucket Branch...
Jenkins Plugin 跨站请求伪造漏洞
Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plug-ins to support building, deploying and automating any project . The Jenkins Bitbucket Branch Source Plugin suffers from a cross-site request forgery vulnerability that stems from a WE...